Emerging Threats

MemGhost Attack Plants AI Agent False Memories via Single Email
Imagine giving an attacker the keys to manipulate your AI assistant's memories - and all it takes is one ordinary-looking email to rewrite what it thinks it knows about you. With a new tool called MemGhost, hackers can plant false memories in AI agents, altering their responses and actions over time.

Misconfigured Server Reveals Evilginx Phishing Operators
A shocking security blunder exposed the inner workings of a massive Evilginx phishing campaign, revealing 218 victims across 12 countries, with nearly 94% being corporate targets, who were quietly harvested over the course of a year. The careless mistake, made on a Budapest virtual private server, gave researchers a rare glimpse into the sophisticated phishing ecosystem.

UK, EU Attribute Poland Cyberattack to Russian Spies, Warn Infrastructure Operators
The UK and EU have called out Russia's Federal Security Service for a brazen cyberattack on Poland's power grid, saying it's just another example of their reckless attempts to wreak havoc across Europe. The attack, attributed to FSB's Centre 16, was foiled, but serves as a stark warning for infrastructure operators to stay vigilant.

Citrix Bleed 2 Exploit Fuels Ransomware Attacks
Ransomware attacks are on the rise, fueled by a new exploit that has already made a significant impact, and now a major software company has ordered its customers to take critical systems offline due to a credible security threat. Progress has urged customers to shut down vulnerable Windows servers to prevent potential breaches.

CISA Warns of Exploited Flaws in Joomla Extensions
Stay safe online: a critical vulnerability in the iCagenda extension for Joomla can allow attackers to upload malicious files and take control of your website, leading to data theft and total site compromise. CISA warns that this flaw, tracked as CVE-2026-48939, is being actively exploited, so take action now to protect your site.

Chinese and Indian Spies Target Pakistani Police Systems
Suspected Chinese and Indian spies launched a targeted attack on Pakistani police systems, specifically focusing on the Balochistan Police, between February 2024 and April 2026. The intrusion campaigns compromised sensitive data, including biometric records, criminal case files, and national identity information.

Lidl Online Shop Breach Exposes Customer Data After Service Provider Hack
Lidl's online shop was hit by a data breach after a service provider was hacked, exposing customer information - but fortunately, the online shop's system itself remained secure. The company has notified affected customers and taken steps to address the issue.

Forg365 Phishing Service Targets Microsoft 365 with Advanced Device Code Theft
Meet Forg365, a sophisticated phishing service that's targeting Microsoft 365 users with advanced device code theft capabilities, offering a disturbingly user-friendly operator panel and a subscription-based model starting at just $400 a month. This illicit toolkit is being sold on Telegram, putting sensitive data at risk with its legitimate email delivery infrastructure and AI-powered email generation.

UK Charges Five in Crackdown on Russian Coms Spoofing Platform
In a major crackdown on cybercrime, five London residents have been charged in connection with Russian Coms, a notorious caller-ID spoofing platform that enabled scammers to swindle tens of millions from an estimated 170,000 victims since 2020. The accused allegedly helped fraudsters pose as trusted institutions to trick people into handing over cash and sensitive information.

Threat Actors Leverage AI-Generated Scripts to Accelerate Active Directory Attacks
Cyber attackers are now using AI-generated scripts to supercharge their Active Directory attacks, allowing them to quickly map and exploit sensitive domains, users, and computers. This alarming trend was uncovered by Huntress researchers, who analyzed a sophisticated PowerShell script that bore hallmarks of AI assistance.

Cyber-attackers Exploit OAuth Client ID Spoofing in Cloud Environments
Cyber-attackers are increasingly using OAuth Client ID spoofing to infiltrate cloud environments, with multiple campaigns emerging, each with unique tools and infrastructure. This technique allows attackers to cleverly abuse Microsoft Entra ID by mimicking legitimate authentication requests.

Infostealer Infection Enables Argentine FA Breach
A single compromised computer with high-level access likely gave hackers the keys to the Argentine Football Association's database and internal email system, thanks to an infostealer infection that went undetected for months. The breach, traced back to September 8, 2025, highlights the devastating impact of a simple infection on a high-privilege machine.

Progress Software Probes External Threat to ShareFile Storage
Progress Software has alerted ShareFile customers to a credible external security threat targeting its Storage Zone Controllers, and is urging immediate action to protect sensitive data. The company has promised to provide an update within 24 hours and recommends that affected customers disable account access and shut down servers.

Progress Disrupts ShareFile Servers Over External Security Threat
If you're a ShareFile customer, take immediate action: shut down your Storage Zone Controller servers now to protect against a critical external security threat. Progress Software has already disabled access to affected accounts, but manual shutdown is crucial for safeguarding your data.

Russian Hackers Target Routers Globally, Warn Cybersecurity Agencies
A brazen plot by Russian hackers to disrupt global networks was thwarted, but not before cybersecurity agencies warned of a potentially catastrophic attack that could have left 500,000 citizens shivering in the dark. The hackers, linked to Russia's Federal Security Service, targeted vulnerable routers worldwide using simple and easily exploitable passwords.

Ryuk Ransomware Operative Pleads Guilty in US Court
A major player behind the notorious Ryuk Ransomware gang has taken responsibility for their crimes, with Karen Serobovich Vardanyan, a 34-year-old Armenian national, pleading guilty in a US court to conspiracy and computer fraud. As part of his plea deal, Vardanyan will pay over $1.1m in restitution for his role in the massive cyberattack that netted over $15m in bitcoin payments.

Russian Hackers Target Critical Infrastructure via Router Exploits
Russian state-backed hackers have infected 18,000 routers in 120 countries, sparking a multinational warning about the threat to critical infrastructure networks. The alarming campaign is linked to Russia's Federal Security Service (FSB) Centre 16, notorious for exploiting poorly configured routers to gain access to sensitive networks.

Evilginx Phishing Ops Expose Microsoft 365 MFA Weaknesses
A French security firm stumbled upon a live Microsoft 365 phishing operation when a simple Python command was left exposed in a readable file, revealing a treasure trove of sensitive data. This lucky discovery shed light on the alarming weaknesses in Microsoft 365's multi-factor authentication.

Joomla Flaws Exploited as Zero-Days in Active Attacks
A critical vulnerability in the iCagenda extension for Joomla, known as CVE-2026-48939, has been exploited as a zero-day since June 15, 2026, allowing attackers to upload arbitrary files via the component's file attachment feature. This severe flaw, scoring 10.0 on the CVSS scale, has already sparked a wave of automated attacks against popular content-management-system extensions.

RedHook Android Malware Exploits Wireless ADB for Shell Access
Meet RedHook, a sneaky Android malware that's taking advantage of Wireless ADB and Accessibility features to gain shell-level control over your device - and it can be controlled remotely with 53 server-issued commands. This clever malware tricks victims into granting permissions, then takes control, making it a serious threat to your digital security.

China, India-Aligned Hackers Target Pakistani Law Enforcement in Espionage Campaigns
Cyber attackers have launched a stealthy espionage campaign targeting Pakistani law enforcement agencies, breaching sensitive data like biometric records, criminal files, and personnel info. The compromised assets included servers managing police and citizen data at organizations like Balochistan Police.

Compromised jscrambler NPM Package Drops Rust Infostealer
A malicious version of the jscrambler NPM package, 8.14.0, was published on July 11, 2026, and could silently infect your system with a Rust-based infostealer just by installing it, no extra steps required. Merely running the install command was enough to trigger the payload on vulnerable systems.

Australian Cyber Agency Warns of Global CMS Exploitation Campaign
Beware: a large-scale cyber attack is targeting content management systems worldwide, including in Australia, putting many small- to medium-sized businesses at risk of service disruption, credential theft, and malware installation. The Australian Cyber Security Centre warns that this global campaign is actively scanning for vulnerabilities and compromising websites.

Armenian National Pleads Guilty to Ryuk Ransomware Conspiracy
Karen Serobovich Vardanyan, an Armenian national, has pleaded guilty to conspiracy charges for his role in a massive Ryuk ransomware scheme that raked in over $15 million in ransom payments from US-based organizations. The guilty plea marks a major win in the fight against cybercrime, as Vardanyan admitted to his part in the global extortion plot.